WhatsApp Ask Users To Update App Cuz There’s A Powerful Spyware Infecting Users

The most important information is in the title.

If you use WhatsApp, update it now because knowing about the spyware in question won’t save you if you’re targeted.

In a more detailed announcement by a WhatsApp spokesperson: “WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices.”

According to Euronews, the app versions affected are:

  • Android prior to v2.19.134
  • Business for Android prior to v2.19.44
  • iOS prior to v2.19.51
  • Business for iOS prior to v2.19.51
  • Windows Phone prior to v2.18.348
  • Tizen prior to v2.18.15.

Okay, updated your WhatsApp?

Now, for the details.

The Update

The patch in the latest version of WhatsApp will fix a security flaw in the ubiquitous messenger.

Credits: Techbout

The security flaw is a chink in the armour that allowed hackers to remotely install surveillance software on phones via the WhatsApp voice call function, even if users do not pick up the call.

Which explains why we say that there’s no way you can prevent a potential attack if you don’t update your application.

The Spyware: Pegasus

So who did this?

It is the Israel-based NSO Group’s “Pegasus” that’s doing the job here. The spyware manufacturer is known to sell its surveillance software to countries and government agencies such as Saudi Arabia, “for the sole purpose of fighting crime and terror.”

As mentioned, the spyware can be installed in a users phone through a simple WhatsApp voice call, a targeted attack, thereafter allowing it to take control of a phone camera and microphone, track movement and record calls.

The Targets

A handful of users were found with the spyware installed in their phones.

Among at least 24 human rights defenders, journalists and parliamentarians in Mexico, an Amnesty employee, and Saudi and Emirati activists, one particular UK-based human rights lawyer who is advising on a case against NSO.

NSO correspondingly responses: “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies,” which emphasises the fact that they are the enablers, not the perpetrators.

The attack on the lawyer wasn’t successful since WhatsApp had by then already patched the vulnerability.

Social Concerns

Understandably, the human rights organisation intend to file a petition to stop NSO Group from exporting its products.

The NSO software was tracked to 45 countries, of which “at least six countries with significant Pegasus operations have previously been linked to abusive use of spyware to target civil society.

“They include Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates.”

Regardless, the spyware is out and about right now and will not be disappearing soon. So do update your app.

Better be safe than sorry, my mother says one.